diff options
| author | Rick Macklem <rmacklem@FreeBSD.org> | 2020-09-05 00:50:52 +0000 |
|---|---|---|
| committer | Rick Macklem <rmacklem@FreeBSD.org> | 2020-09-05 00:50:52 +0000 |
| commit | 22f085c43ba25698ba35154738306d6598b74e25 (patch) | |
| tree | 52588d3614f2c95f21e78bdfdd41b091ddb31cf4 | |
| parent | 90802d88a57c6c86b4d48bbee8d14ed2fc80c107 (diff) | |
| download | src-22f085c43ba25698ba35154738306d6598b74e25.tar.gz src-22f085c43ba25698ba35154738306d6598b74e25.zip | |
Fix a potential memory leak in the NFS over TLS handling code.
For the TLS case where there is a "user@domain" name specified in the
X.509 v3 certificate presented by the client in the otherName component
of subjectAltName, a gid list is allocated via mem_alloc().
This needs to be free'd. Otherwise xp_gidp == NULL and free() handles that.
(The size argument to mem_free() is not used by FreeBSD, so it can be 0.)
This leak would not have occurred for any other case than NFS over TLS
with the "user@domain" in the client's certificate.
Notes
Notes:
svn path=/head/; revision=365355
| -rw-r--r-- | sys/rpc/svc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/sys/rpc/svc.c b/sys/rpc/svc.c index a678fbae704d..a059096e7b77 100644 --- a/sys/rpc/svc.c +++ b/sys/rpc/svc.c @@ -902,6 +902,8 @@ svc_xprt_free(SVCXPRT *xprt) { mem_free(xprt->xp_p3, sizeof(SVCXPRT_EXT)); + /* The size argument is ignored, so 0 is ok. */ + mem_free(xprt->xp_gidp, 0); mem_free(xprt, sizeof(SVCXPRT)); } |